aptalca (Posted February 3, 2018)

> 4 hours ago, WannabeMKII said:
> OK, so I've changed port forwarding to 80, 80 and the internal IP. I've changed HTTPVAL to 'true' from 'True'. On running the docker, I get the following in the logs;
>
> Performing the following challenges:
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> Any other ideas?

If you set HTTPVAL to true and you're still getting that error, it means you need to update the image, or there is another HTTPVAL directive in your docker run/create command that is not set to true.

torn8o (Posted February 3, 2018)

I have been reading the thread for a few days and have tried most if not all of the settings to try to get letsencrypt to work properly. I have come to the realization that I need some help. Here are my docker commands pic for port forwarding docker settings and log. Please review and point me in the right direction.

User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.duckdns.org -d *****.duckdns.org
E-mail address entered: *******@gmail.com
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
certbot: error: argument --cert-path: No such file or directory
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for duckdns.org
http-01 challenge for www.duckdns.org
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://duckdns.org/.well-known/acme-challenge/5DjNjApDhgxwNVsF1Q6lWYBssBPsq5R5LcM43nyAZHg: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>", www.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.duckdns.org/.well-known/acme-challenge/movR-LxQjAQuGhXp8wzWU9LjdT99d5UBC_3o0n7RnXA: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: duckdns.org
Type: unauthorized
Detail: Invalid response from http://duckdns.org/.well-known/acme-challenge/5DjNjApDhgxwNVsF1Q6lWYBssBPsq5R5LcM43nyAZHg: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

Domain: www.duckdns.org
Type: unauthorized
Detail: Invalid response from http://www.duckdns.org/.well-known/acme-challenge/movR-LxQjAQuGhXp8wzWU9LjdT99d5UBC_3o0n7RnXA: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

WannabeMKII (Posted February 3, 2018)

HTTPVAL appears correct and the docker image is from this morning. I've attached a screenshot.

All port forwarding etc is fine too and when we tried nginx on the same ports, it worked straight away... CHBMB looked over my setup earlier too. He suggested I speak with you about dnsmadeeasy, as that's my DNS provider. Did you get my message?

aptalca (Posted February 3, 2018, edited)

> 38 minutes ago, torn8o said:
> I have been reading the thread for a few days and have tried most if not all of the settings to try to get letsencrypt to work properly. I have come to the realization that I need some help. Here are my docker commands pic for port forwarding docker settings and log. Please review and point me in the right direction.

Unraid gui uses port 80. Change your http port in the container to something else like port 81 and on your router forward port 80 to 81 on unraid.

EDIT: Oops, didn't realize the container has its own ip.

The issue suggests that the validation server is connecting to a different webserver. Check your ip setting and make sure there isn't another machine on that ip you set for the container.

EDIT2: I also realized that you are trying to validate "duckdns.org". You need to read the info carefully (unless you are the owner of duckdns.org, which I doubt).

Edited February 3, 2018 by aptalca

aptalca (Posted February 3, 2018)

> 30 minutes ago, WannabeMKII said:
> HTTPVAL appears correct and the docker image is from this morning. I've attached a screenshot.
> All port forwarding etc is fine too and when we tried nginx on the same ports, it worked straight away... CHBMB looked over my setup earlier too. He suggested I speak with you about dnsmadeeasy, as that's my DNS provider. Did you get my message?

I did get your message but your issue is not the ports. Your container is somehow set to use tls validation and that's why you are getting the error. Either your image is old (from before we implemented the HTTPVAL variable) or your settings are incorrect. Is there perhaps a space after the true in that variable?

Can you post your docker run command that is shown after you save the settings and a new container is created?

strike (Posted February 3, 2018)

> 30 minutes ago, WannabeMKII said:
> HTTPVAL appears correct and the docker image is from this morning. I've attached a screenshot.
> All port forwarding etc is fine too and when we tried nginx on the same ports, it worked straight away... CHBMB looked over my setup earlier too. He suggested I speak with you about dnsmadeeasy, as that's my DNS provider. Did you get my message?

Have you tried to change the host port to 80 in the docker template like I suggested earlier? In your screenshot it still says 81. I get that it's on its own IP and you have port forwarded 80->80 on that IP but that won't do you any good if the host port in the docker template is still 81. Unless the container ignores that completely when it's on its own IP?

WannabeMKII (Posted February 3, 2018)

> 9 minutes ago, aptalca said:
> I did get your message but your issue is not the ports. Your container is somehow set to use tls validation and that's why you are getting the error. Either your image is old (from before we implemented the HTTPVAL variable) or your settings are incorrect. Is there perhaps a space after the true in that variable?
> Can you post your docker run command that is shown after you save the settings and a new container is created?

No space anywhere on 'true'.

Here's the run command;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 81:81/tcp -p 444:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
0d992b727e55d3d67b94761e56853cd0ba7df419c3e8050ddb17d8304b908227
The command finished successfully!

I mentioned dnsmadeeasy, as I was going to give it a try for you, but guess it's not worth it until this is working.

WannabeMKII (Posted February 3, 2018)

> 10 minutes ago, strike said:
> Have you tried to change the host port to 80 in the docker template like I suggested earlier? In your screenshot it still says 81. I get that it's on its own IP and you have port forwarded 80->80 on that IP but that won't do you any good if the host port in the docker template is still 81. Unless the container ignores that completely when it's on its own IP?

We've tried all variations to get it to work and we're back to sharing the IP with unraid.

JonathanM (Posted February 3, 2018)

> 32 minutes ago, WannabeMKII said:
> We've tried all variations to get it to work and we're back to sharing the IP with unraid.

In your run command you've got 81 mapped to 81 inside the container. That won't work because the container is listening on 80. You need to change the mapping for container 80, host 81.

WannabeMKII (Posted February 3, 2018)

> 22 minutes ago, jonathanm said:
> In your run command you've got 81 mapped to 81 inside the container. That won't work because the container is listening on 80. You need to change the mapping for container 80, host 81.

Ah got you, sorry.

After changing the port, I get the following;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 80:81/tcp -p 444:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
1d79d9f9dc01fd82456b2131a0311e4d33eb32a8ed50b55b026349ea5bde2033
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (176839ccbca9b1aa09ea179adc960f4d4b1887c58ead94c06b6ef5bb2006a44e): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.
The command failed.

I'm guessing this is because of it being the same port and IP of unraid?

saarg (Posted February 3, 2018)

> 1 minute ago, WannabeMKII said:
> Ah got you, sorry.
> After changing the port, I get the following;
>
> root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 80:81/tcp -p 444:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
> 1d79d9f9dc01fd82456b2131a0311e4d33eb32a8ed50b55b026349ea5bde2033
> /usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (176839ccbca9b1aa09ea179adc960f4d4b1887c58ead94c06b6ef5bb2006a44e): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.
> The command failed.
>
> I'm guessing this is because of it being the same port and IP of unraid?

You changed the wrong part of the port mapping. Reverse it.

CHBMB (Posted February 3, 2018)

It was mapped right last I saw.... You change it?

WannabeMKII (Posted February 3, 2018)

> 9 minutes ago, saarg said:
> You changed the wrong part of the port mapping. Reverse it

OK. I had to delete that section and re-add it and now done;

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/London" -e HOST_OS="unRAID" -e "EMAIL"="*****@*****.***" -e "URL"="*****.***" -e "SUBDOMAINS"="*****" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "HTTPVAL"="true" -e "PUID"="99" -e "PGID"="100" -p 444:443/tcp -p 81:80/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2e883074e4fa57872dcfe4dbe866e245bdb871a60f8010e34cdf2bf7ca3d997c
The command finished successfully!

I've also attached the port forwarding.

LE logs;

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
Still using tls-sni. Please set the VALIDATION parameter in the future
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d *****.*****.***
E-mail address entered: *****.*****.***
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Hopefully this shows everything...?

WannabeMKII (Posted February 3, 2018)

Should I just nuke my LE container, appdata etc and start again?

CHBMB (Posted February 3, 2018)

> 9 minutes ago, WannabeMKII said:
> Should I just nuke my LE container, appdata etc and start again?

You can, and make sure you delete the template. But we're making some changes, so you might want to wait a while.....

WannabeMKII (Posted February 3, 2018)

> Just now, CHBMB said:
> You can, and make sure you delete the template. But we're making some changes, so you might want to wait a while.....

OK. I'll wait for the new version to be available, then nuke everything and start again.

Just out of interest, what's the ETA on the new version? Are we talking hours, days...?

cpshoemake (Posted February 4, 2018)

> 2 hours ago, WannabeMKII said:
> Should I just nuke my LE container, appdata etc and start again?

I just ran into this problem and discovered the solution. The key is in the log.

ERROR: Cert does not exist! Please see the validation error above.

If you scroll up a few lines, you'll see:

Still using tls-sni. Please set the VALIDATION parameter in the future

It appears that the HTTPVAL variable changed to VALIDATION. It's an easy fix.

1. Edit the docker configuration.
2. Click "Add another Path, Port, Variable or Device" at the bottom.
3. Enter the following values:
   Config Type: Variable
   Name: HTTP Validation
   Key: VALIDATION
   Value: true
4. Click "Add."
5. Click "Apply."

Diode663 (Posted February 4, 2018)

Just something to think about, I swore up and down that port 80 wasn't blocked by my ISP because I got on the phone with them a few months ago and had them open it up. Well I checked again and sure enough it was closed. It got reset for some reason or another, so make doubly sure that it is open, especially if Optimum is your ISP.

Also I must have updated my docker 5 minutes after you posted the new version because I don't see any talk of the new fields, notably the validation field. But after forcing an update everything works. Thank you guys.

Is this container capable of forwarding to a service on a different ip? I would like to add my idrac but it's on a different ip/adapter. If this is possible are there any examples?

aptalca (Posted February 4, 2018)

> 6 hours ago, cpshoemake said:
> I just ran into this problem and discovered the solution. The key is in the log.
> ERROR: Cert does not exist! Please see the validation error above.
> If you scroll up a few lines, you'll see:
> Still using tls-sni. Please set the VALIDATION parameter in the future
> It appears that the HTTPVAL variable changed to VALIDATION. It's an easy fix.
> 1. Edit the docker configuration.
> 2. Click "Add another Path, Port, Variable or Device" at the bottom.
> 3. Enter the following values:
>    Config Type: Variable
>    Name: HTTP Validation
>    Key: VALIDATION
>    Value: true
> 4. Click "Add."
> 5. Click "Apply."

You might want to read the info more closely. VALIDATION=true is not a valid option. You need "http", "dns" or "tls-sni" (tls-sni currently disabled by letsencrypt for most users).

WannabeMKII (Posted February 4, 2018)

> 4 hours ago, aptalca said:
> You might want to read the info more closely. VALIDATION=true is not a valid option. You need "http", "dns" or "tls-sni" (tls-sni currently disabled by letsencrypt for most users)

Ah ha, adding "tls-sni" = "true" has got me back up and running! Port 80 is still appearing as closed though?

Now just to get nzbhydra2 actually loading properly.

Superb news though and really appreciate the constant help from everyone, absolutely legendary!

CHBMB (Posted February 4, 2018)

> 3 minutes ago, WannabeMKII said:
> Ah ha, adding "tls-sni" = "true" has got me back up and running! Port 80 is still appearing as closed though?
> Now just to get nzbhydra2 actually loading properly.
> Superb news though and really appreciate the constant help from everyone, absolutely legendary!

The only problem I can see with this is when your certs need renewing. @aptalca is the expert, so I may be wrong.

Invincible (Posted February 4, 2018)

The latest update (from last night) seems to have broken something for me. I haven't changed any of the settings, however I noticed there was a new "Validation" option in the docker settings which is set to HTTP. I also noticed that the HTTPVAL setting was missing from the show more settings tab. Any ideas what would have broken the config for me?

Here are the logs:

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: **********
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ******.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ******.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: ******.duckdns.org
Type: unauthorized
Detail: Invalid response from http://******.duckdns.org/.well-known/acme-challenge/MKKaK-NvviGlS4ME6FlQ5uTBojzr8WHznM36sgR8Ujo: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "EMAIL"="*********" -e "URL"="duckdns.org" -e "SUBDOMAINS"="******" -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
2dab690e979f92d6a66c2a7506fbb121324e105cd195d576fa5c141d067d0952

DieFalse (Posted February 4, 2018)

> 3 minutes ago, Invincible said:
> The latest update (from last night) seems to have broken something for me. I haven't changed any of the settings, however I noticed there was a new "Validation" option in the docker settings which is set to HTTP. I also noticed that the HTTPVAL setting was missing from the show more settings tab. Any ideas what would have broken the config for me?

Your docker shows 442 for the SSL but your forwarding in the router shows 443.

Invincible (Posted February 4, 2018)

> 34 minutes ago, fmp4m said:
> Your docker shows 442 for the SSL but your forwarding in the router shows 443

If you're referring to the first image then that's the unraid internal settings (Under Settings -> Identification) not the docker settings. I changed unraid to go to port 442 so it doesn't interfere with LE's 443 setting.

CHBMB (Posted February 4, 2018)

> 12 minutes ago, Invincible said:
> If you're referring to the first image then that's the unraid internal settings (Under Settings -> Identification) not the docker settings. I changed unraid to go to port 442 so it doesn't interfere with LE's 443 setting.

That's fine as long as your firewall/router is forwarding 443 externally to 442 on your Unraid box.

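The port-mapping and validation mistakes worked through in this thread, collected into a pre-flight check. This is an added example, not code from any poster or from the linuxserver image: the name `lint_le_run` and the message wording are assumptions, while the rules come from the replies above (`-p` is host:container and the container listens on 80, the Unraid GUI holds host port 80, VALIDATION takes http, dns or tls-sni, and URL=duckdns.org needs ONLY_SUBDOMAINS=true).

```shell
#!/bin/sh
# Added example, not from the thread's posters or the linuxserver image.
# lint_le_run (hypothetical name): call it with the same arguments you
# would pass to `docker run`. It prints one finding per line and returns
# 0 when nothing was found, 1 otherwise.

_le_finding() { printf '%s\n' "$1"; findings=$((findings + 1)); }

lint_le_run() {
    validation="" httpval="" url="" only_sub="" net=""
    maps80=0 host80=0 findings=0

    while [ "$#" -gt 0 ]; do
        case "$1" in
        --net=*) net=${1#*=} ;;
        -e)
            shift; [ "$#" -gt 0 ] || break
            case "$1" in
            VALIDATION=*)      validation=${1#*=} ;;
            HTTPVAL=*)         httpval=${1#*=} ;;
            URL=*)             url=${1#*=} ;;
            ONLY_SUBDOMAINS=*) only_sub=${1#*=} ;;
            esac ;;
        -p)
            shift; [ "$#" -gt 0 ] || break
            spec=${1%/*}          # "81:80/tcp" -> "81:80"
            cont=${spec##*:}      # container port is always the last field
            host=""
            case "$spec" in
            *:*) rest=${spec%:*}; host=${rest##*:} ;;  # "host" or "ip:host"
            esac
            case "$cont" in
            80)  maps80=1 ;;
            443) ;;
            *)   _le_finding "port: -p $1 targets container port $cont, but the container listens on 80 (HTTP) and 443 (HTTPS); the syntax is host:container" ;;
            esac
            if [ "$host" = 80 ]; then host80=1; fi ;;
        esac
        shift
    done

    # Sharing Unraid's IP on a bridge network: the GUI already owns port 80.
    if [ "$host80" -eq 1 ] && [ "$net" = bridge ]; then
        _le_finding "port: host port 80 on a bridge network collides with the Unraid GUI (bind: address already in use); map e.g. 81:80 and forward router port 80 to 81"
    fi
    # The updated image logged "Still using tls-sni" when only HTTPVAL was set.
    if [ -z "$validation" ] && [ -n "$httpval" ]; then
        _le_finding "validation: only HTTPVAL is set; the updated image logs 'Still using tls-sni', so set VALIDATION instead"
    fi
    case "$validation" in
    ""|http|dns|tls-sni) ;;
    *) _le_finding "validation: VALIDATION=$validation is not valid; use http, dns or tls-sni" ;;
    esac
    if [ "$validation" = http ] && [ "$maps80" -eq 0 ]; then
        _le_finding "validation: http validation needs a -p mapping to container port 80"
    fi
    if [ "$url" = duckdns.org ] && [ "$only_sub" != true ]; then
        _le_finding "domains: URL=duckdns.org without ONLY_SUBDOMAINS=true asks for a cert covering duckdns.org itself"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample modelled on the first run command posted in the thread.
lint_le_run -d --name=letsencrypt --net=bridge -e HTTPVAL=true \
    -p 81:81/tcp -p 444:443/tcp linuxserver/letsencrypt || true
```

A clean result only says the run command is consistent; a 404 on the challenge URL with a clean command, as in the last log above, points at router forwarding or DNS rather than the container settings.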